Category: Administration
Author/Contact Info Neil Watson
perlmonk@watson-wilson.ca
Description:

It has been my experience that the first sign of network trouble is when sendmail begins to queue up mail.

This code examines syslog for "mail deferred" messages. If the ratio of these messages compared to the time sample of the log matches your criteria, a warning email is sent.

#!/usr/bin/perl -w

use strict;
use warnings;

my $ratio = 1/2; # ratio of deferred messages per minute needed to mail warning
my $lines = 300; # number of lines from the syslog to examine

my $day = `date +"%b %d"`; # check only logs for today
chomp($day);               # drop the trailing newline from the date output
$day =~ s/(\s)0/$1 /;      # traditional syslog pads single-digit days with a space, not a 0

my $recipient = "youname\@domain.com"; # who gets the report

my $log = `tail -n $lines /var/log/syslog | egrep -i '$day' | egrep -i 'deferred'`; # get report
my @log = split(/\n/, $log); # split report
exit 0 unless @log;          # no deferred messages in the sample, nothing to report

my $ehour = 0;
my $eminute = 0;
my $shour = 0;
my $sminute = 0;
my $ttime = 0;
my $hostname = `hostname`;
chomp($hostname);

# examine log
$_ = $log[0]; # get time from first log entry
if (m/\s(\d{1,2}):(\d{2}):/) {
        $shour = $1;
        $sminute = $2;
}

$_ = $log[-1]; # get time from last log entry
if (m/\s(\d{1,2}):(\d{2}):/) {
        $ehour = $1;
        $eminute = $2;
}

# how much time does the log represent
$ttime = 60*($ehour-$shour) + $eminute - $sminute;
if ($ttime == 0) { die("deferred messages occurred within 1 minute of each other\n") }

# create and mail report
my $count = scalar @log; # number of deferred messages in the sample
if ($count / $ttime >= $ratio) {

        # list-form open runs mail directly, so no shell ever parses $recipient
        open(my $mail, '|-', 'mail', '-s', 'Mail Transfer Agent Warning', $recipient)
                or die("cannot run mail: $!\n");
        # note: if you use Solaris you have to use /usr/ucb/mail

        print $mail "\nWarning from $hostname\n";
        print $mail "$count messages have been deferred in the past $ttime minutes\n";
        print $mail "Recommend you investigate this issue.  Syslog samples below.\n";

        print $mail join("\n", @log), "\n"; # one log entry per line

        close($mail);
}
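
The script above stops without mailing anything when every deferred line falls in the same minute, which is exactly what a sudden burst looks like. The following is an added example, not part of the original script: a hypothetical `deferral_rate` helper that computes the same rate with seconds resolution, treats a sub-minute burst as one minute, and tolerates a sample that crosses midnight. The log lines are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: returns (count, minutes, rate per minute) for the
# "deferred" lines in a list of traditional-format syslog lines.
# Assumes the sample is in time order and spans less than 24 hours.
sub deferral_rate {
    my @stamps;
    for my $line (@_) {
        next unless $line =~ /deferred/i;
        # Timestamp layout "Mon dD HH:MM:SS host ..."
        next unless $line =~ /^\w{3}\s+\d{1,2}\s(\d{2}):(\d{2}):(\d{2})\s/;
        push @stamps, $1 * 3600 + $2 * 60 + $3;
    }
    my $count = scalar @stamps;
    return (0, 0, 0) unless $count;

    my $span = $stamps[-1] - $stamps[0];
    $span += 86400 if $span < 0;      # sample crossed midnight
    my $minutes = $span / 60;
    $minutes = 1 if $minutes < 1;     # a burst inside one minute still counts
    return ($count, $minutes, $count / $minutes);
}

# Constructed sample lines (not real log data).
my @sample = (
    'Mar  3 23:59:40 mx1 sendmail[4121]: q23NxA01: to=<a@example.com>, stat=Deferred: Connection timed out with mail.example.com.',
    'Mar  3 23:59:48 mx1 sendmail[4125]: q23NxB02: to=<b@example.org>, stat=Sent (ok)',
    'Mar  3 23:59:55 mx1 sendmail[4130]: q23NxC03: to=<c@example.com>, stat=Deferred: Connection timed out with mail.example.com.',
    'Mar  4 00:00:10 mx1 sendmail[4136]: q24NxD04: to=<d@example.com>, stat=Deferred: Connection timed out with mail.example.com.',
);

my $ratio = 1/2;   # same threshold as the script above
my ($count, $minutes, $rate) = deferral_rate(@sample);
printf "%d deferred in %.1f minute(s): %.2f per minute\n", $count, $minutes, $rate;
print "warning threshold reached\n" if $rate >= $ratio;
```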